Elastic APM agent break Hybris Backoffice application

Stephan_Beutel1 · April 8, 2020, 10:29pm

Elastic APM agent breaks SAP Commerce (Hybris) application.

Most of the application works fine after adding the agent, but the Hybris backoffice application is broken. The Hybris backoffice application uses the ZK Framework and after adding the agent, a lot of components cant resolved anymore.

Java version: Oracle JDK 11.0.6

Kibana version:7.6.1

Elasticsearch version:7.6.1

APM Server version:7.6.1

APM Agent language and version:Java elastic-apm-agent-1.14.0

Log/Errors:

First Error (Server Error 500):

SEVERE: Servlet.service() for servlet [zkLoader] in context with path [/backoffice] threw exception
com.hybris.cockpitng.util.zip.UnsupportedZipEntryException: ZipEntry with name: 'cockpitng/widgets/actions/salesunitcreateaction/definition.xml' is not supported!

From JavaDoc:

SafeZipEntry class that prevents Zip Slip vulnerability by disallowing ZipEntries with names that target outside directory, eg. ../foo.txt. In such cases de.hybris.platform.util.zip.UnsupportedZipEntryException is thrown.

After reloading the page (errors seems to be related to the first one as definitions can't be loaded):

2020-04-09 00:14:36.381 [hybrisHTTP4] WARN co.elastic.apm.agent.impl.ElasticApmTracer - Max spans (500) for transaction '' 00-0c11cfbe9f2643e3001d6ec85c821dd9-1a03f39f5ab70b84-01 (5505b7a3) has been reached. For this transaction and possibly others, further spans will be dropped. See config param 'transaction_max_spans'.
ERROR [hybrisHTTP4] [DefaultWidgetInstanceService] Unable to load widget definition for code com.hybris.ruleenginebackoffice.listeners.swapcomplete
ERROR [hybrisHTTP4] [DefaultWidgetInstanceService] Unable to load widget definition for code de.hybris.platform.promotionenginebackoffice.treenodeselector
ERROR [hybrisHTTP4] [DefaultWidgetInstanceService] Unable to load widget definition for code de.hybris.platform.promotionenginebackoffice.treenodeselector
ERROR [hybrisHTTP4] [DefaultWidgetInstanceService] Unable to load widget definition for code com.hybris.cockpitng.initScriptingAdvancedSearch
ERROR [hybrisHTTP4] [DefaultWidgetInstanceService] Unable to load widget definition for code com.hybris.cockpitng.initScriptingAdvancedSearch
ERROR [hybrisHTTP4] [DefaultWidgetInstanceService] Unable to load widget definition for code com.hybris.cockpitng.initDpdAdvancedSearch
ERROR [hybrisHTTP4] [DefaultWidgetInstanceService] Unable to load widget definition for code com.hybris.cockpitng.initDpdAdvancedSearch

Sylvain_Juge · April 9, 2020, 8:55am

Hi @Stephan_Beutel1,

I don't really see how our agent could cause the first UnsupportedZipEntryException, as it does not do change anything regarding files operations and zip files in particular.

What is your agent configuration ?
if the agent is configured to instrument all (or too much) classes, it will make the application startup a bit slower, which could lead in most extreme cases to startup errors.

The second error message Max spans (500) for transaction might be triggered due to having too much methods instrumented, or if there are too many calls to third-party services like >500 calls to a SQL database.

Alternatively, you can try to add the agent once the application is started using runtime attachment : https://www.elastic.co/guide/en/apm/agent/java/1.x/setup-attach-cli.html#setup-attach-cli

Stephan_Beutel1 · April 9, 2020, 11:20am

Thanks @Sylvain_Juge. Attaching the agent after application/server start solved the problem.
No errors anymore

system · April 30, 2020, 7:20am

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.